
Topic: Selectable Hashing method

Most other forums use md5 for hashing, and anyone planning to migrate from another forum will encounter the same problem I did, in that I needed to edit the pun_hash function to force it to use md5 instead of SHA1.

While this is no biggy, it might be worth adding a selectable hashing method within the install script, for those planning to migrate.

Adam

Re: Selectable Hashing method

If the passwords are stored in md5 it doesn't matter; punbb will convert them to SHA1 as and when users log in, I think.

Re: Selectable Hashing method

Edit: Never mind. I'm a moron.

Adz: Like Connorhd pointed out, you don't need to worry about that. If PunBB notices a user has an MD5 hash when there is SHA1 available, it will update the database automatically the next time the user logs in. It works transparently.

"Programming is like sex: one mistake and you have to support it for the rest of your life."
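The upgrade-on-login behaviour described in the post above, sketched as an added example (not PunBB's code and not written by anyone in this thread). It assumes unsalted hex digests and tells MD5 from SHA1 by digest length; the function names, the `$users` array standing in for the users table, and the sample accounts are hypothetical.

```php
<?php
// Added example, not PunBB source. All names and sample values are constructed.

// Identify the scheme of an unsalted hex digest by its length (assumption).
function stored_scheme(string $stored): ?string
{
    if (!ctype_xdigit($stored)) {
        return null;
    }
    switch (strlen($stored)) {
        case 32: return 'md5';   // 128-bit digest
        case 40: return 'sha1';  // 160-bit digest
        default: return null;
    }
}

// Verify a login and, if the stored hash is still MD5, rewrite it as SHA1
// while the plaintext is available. Returns [authenticated, upgraded].
function login(array &$users, string $name, string $password): array
{
    if (!isset($users[$name])) {
        return [false, false];
    }
    $stored = strtolower($users[$name]);
    $scheme = stored_scheme($stored);
    if ($scheme === null) {
        return [false, false];   // unknown format: refuse rather than guess
    }
    // hash_equals() compares the two digests in constant time.
    if (!hash_equals($stored, hash($scheme, $password))) {
        return [false, false];   // a failed login must never rewrite the row
    }
    if ($scheme === 'md5') {
        $users[$name] = hash('sha1', $password);  // an UPDATE in a real schema
        return [true, true];
    }
    return [true, false];
}

// Constructed rows: one hash imported from an MD5 forum, one native SHA1 hash.
$users = ['alice' => md5('correct horse'), 'bob' => sha1('battery staple')];

var_dump(login($users, 'alice', 'wrong guess'));    // rejected, row unchanged
var_dump(login($users, 'alice', 'correct horse'));  // accepted, row upgraded
var_dump(stored_scheme($users['alice']));           // scheme now stored for alice
var_dump(login($users, 'bob', 'battery staple'));   // accepted, nothing to upgrade
```

Rows for accounts that never log in again keep their MD5 hash, so the old format stays in the database until those accounts are reset or removed.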


Re: Selectable Hashing method

Maybe I'm the only one that would prefer to use md5 either way :)

Adam

Re: Selectable Hashing method

why would you prefer md5?


Re: Selectable Hashing method

For easier integration with other scripts :)

For password hashing I can't think of any real benefit in using sha1 over md5. Sure, it might take 80 years instead of 30 years to find a key, but that doesn't really worry me to be honest :D

Re: Selectable Hashing method

Actually, md5 is incredibly easy to brute force. A 5 character password takes only a few minutes. I actually did it for fun in a forum I moderate. I extracted the password hashes of all the admins and moderators and brute forced them up to 6 characters. The result was that 4 moderators had to change their passwords because they were too easy to brute force.



Re: Selectable Hashing method

The same applies to sha1 though, in the case of brute forcing a password :)

Re: Selectable Hashing method

Takes longer though, I think, a more complicated hash.


Re: Selectable Hashing method

Depends where you look, but figures range from sha1 being quicker, to sha1 taking 3x as long :P

Re: Selectable Hashing method

I'd sure like to try, but I have yet to find an SHA1 brute force tool that comes anywhere near the speed of e.g. mdcrack. If you know one, please let me know.



Re: Selectable Hashing method

For a 5 char brute force, I don't think speed is really an issue :P


Re: Selectable Hashing method

Hi guys,
it's the 3rd time I've integrated punBB with other scripts and it's the 3rd time I've had to modify login.php & co. to use md5. It's not so difficult, but I'd also like (as Adz) to choose what encryption my forum has to use.
But then there is the issue of having people modify that parameter on the fly and, for the md5 to sha1 switch, PunBB works flawlessly...

Thank you,
Paolo Gabrielli

P.S.: What about a PayPal approved feat. donation? I would like to pay a few bucks for a feat like that one!


Re: Selectable Hashing method

If you're modding stuff anyway to integrate it, can't you just modify which hash it uses manually? The only reason for a selection feature to be added would be if a lot of people wanted the option, which I'm pretty sure is not the case.

Re: Selectable Hashing method

If you're integrating punBB on your site, just copy the pun_hash() function.